US confronts cyber-cold war with China

Locals walk in front of 'Unit 61398', a secretive Chinese military unit

Washington: When the Obama administration circulated to the nation's Internet providers last week a lengthy confidential list of computer addresses linked to a hacking group that has stolen terabytes of data from US corporations, it left out one crucial fact: Nearly every one of the digital addresses could be traced to the neighborhood in Shanghai that is headquarters to the Chinese military's cybercommand.

That deliberate omission underscored the heightened sensitivities inside the Obama administration over just how directly to confront China's untested new leadership over the hacking issue, as the administration escalates demands that China halt the state-sponsored attacks that Beijing insists it is not mounting.

The issue illustrates how different the worsening cyber-cold war between the world's two largest economies is from the more familiar superpower conflicts of past decades - in some ways less dangerous, in others more complex and pernicious.

Administration officials say they are now more willing than before to call out the Chinese directly - as Attorney General Eric H. Holder Jr. did last week in announcing a new strategy to combat theft of intellectual property. But President Barack Obama avoided mentioning China by name - or Russia or Iran, the other two countries the president worries most about - when he declared in his State of the Union address that "we know foreign countries and companies swipe our corporate secrets." He added: "Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems."

Defining "enemies" in this case is not always an easy task. China is not an outright foe of the United States, the way the Soviet Union once was; rather, China is both an economic competitor and a crucial supplier and customer. The two countries traded $425 billion in goods last year, and China remains, despite many diplomatic tensions, a critical financier of American debt. As Hillary Rodham Clinton put it to Australia's prime minister in 2009 on her way to visit China for the first time as secretary of state, "How do you deal toughly with your banker?"

In the case of the evidence that the People's Liberation Army is probably the force behind "Comment Crew," the biggest of roughly 20 hacking groups that U.S. intelligence agencies follow, the answer is that the United States is being highly circumspect. Administration officials were perfectly happy to have Mandiant, a private security firm, issue the report tracing the cyberattacks to the door of China's cybercommand; U.S. officials said privately that they had no problems with Mandiant's conclusions, but they did not want to say so on the record.

That explains why China went unmentioned as the location of the suspect servers in the warning to Internet providers.

"We were told that directly embarrassing the Chinese would backfire," one intelligence official said. "It would only make them more defensive, and more nationalistic."

That view is beginning to change, though. On the ABC News program "This Week" on Sunday, Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, was asked whether he believed that the Chinese military and civilian government were behind the economic espionage.

"Beyond a shadow of a doubt," he replied.

In the next few months, U.S. officials say, there will be many private warnings delivered by Washington to Chinese leaders, including Xi Jinping, who will soon assume China's presidency. Both Tom Donilon, the national security adviser, and Clinton's successor, John Kerry, have trips to China in the offing. Those private conversations are expected to make a case that the sheer size and sophistication of the attacks over the past few years threaten to erode support for China among the country's biggest allies in Washington, the U.S. business community.

"America's biggest global firms have been ballast in the relationship" with China, said Kurt M. Campbell, who recently resigned as assistant secretary of state for East Asia to start a consulting firm, the Asia Group, to manage the prickly commercial relationships. "And now they are the ones telling the Chinese that these pernicious attacks are undermining what has been built up over decades."

It is too early to tell whether that appeal to China's self-interest is getting through. Similar arguments have been tried before, yet when one of China's most senior military leaders visited the Joint Chiefs of Staff at the Pentagon in April 2011, he said he didn't know much about cyberweapons - and said the PLA does not use them. In that regard, he sounded a bit like the Obama administration, which has never discussed America's own cyberarsenal.

Yet the PLA's attacks are largely aimed at commercial targets. It has an interest in trade secrets like aerospace designs and wind-energy product schematics: the army is deeply invested in Chinese industry and is always seeking a competitive advantage. And so far the attacks have been cost-free.

U.S. officials say that must change. But the prescriptions for what to do vary greatly - from calm negotiation to economic sanctions and talk of counterattacks led by the U.S. military's Cyber Command, the unit that was deeply involved in the U.S. and Israeli cyberattacks on Iran's nuclear enrichment plants.

"The problem so far is that we have rhetoric and we have Cyber Command, and not much in between," said Chris Johnson, a 20-year veteran of the CIA team that analyzes the Chinese leadership. "That's what makes this so difficult. It's easy for the Chinese to deny it's happening, to say it's someone else, and no one wants the U.S. government launching counterattacks."

That marks another major difference from the dynamic of the U.S.-Soviet nuclear rivalry. In Cold War days, deterrence was straightforward: Any attack would result in a devastating counterattack, at a human cost so horrific that neither side pulled the trigger, even during close calls like the Cuban missile crisis.

But cyberattacks are another matter. The vast majority have taken the form of criminal theft, not destruction. It often takes weeks or months to pin down where an attack originated, because attacks are generally routed through computer servers elsewhere to obscure their source.

A series of attacks on The New York Times that originated in China, for example, were mounted through the computer systems of unwitting U.S. universities. That is why David Rothkopf, the author of books about the National Security Council, wrote last week that this was a "cool war," not only because of the remote nature of the attacks but because "it can be conducted indefinitely - permanently, even - without triggering a shooting war. At least, that is the theory."

Administration officials like Robert Hormats, the undersecretary of state for business and economic affairs, say the key to success in combating cyberattacks is to emphasize to the Chinese authorities that the attacks will harm their hopes for economic growth.

"We have to make it clear," Hormats said, "that the Chinese are not going to get what they desire," which he said was "investment from the cream of our technology companies, unless they quickly get this problem under control."

But Rogers of the intelligence committee argues for a more confrontational approach, including "indicting bad actors" and denying visas to anyone believed to be involved in cyberattacks, as well as their families.

The coming debate is over whether the government should get into the business of retaliation. Already, Washington is awash in conferences that talk about "escalation dominance" and "extended deterrence," all terminology drawn from the Cold War.

Some of the talk is overheated, fueled by a growing cybersecurity industry and the development of offensive cyberweapons, even though the US government has never acknowledged using them, even in the Stuxnet attacks on Iran. But there is a serious, behind-the-scenes discussion about what kind of attack on US infrastructure - something the Chinese hacking groups have not seriously attempted - could provoke a president to order a counterattack.